The popular decentralized exchange (DEX) Trader Joe announced a security breach in its frontend interface on Nov. 17.
The breach, identified in a third-party analytics plugin, potentially exposed numerous users, prompting immediate action by the platform’s team.
The team quickly removed the malicious code and temporarily shut down the frontend to mitigate risks. The incident rerouted some users’ transactions to an unknown contract – “0xd8ea…33581bf.” Trader Joe urged affected users to revoke access given to this contract.
In response, Trader Joe advised users to check and revoke approvals of the malicious contract using token approval checkers and wallet services. The DEX also emphasized confirming contract addresses during transactions using their developer documents. The Trader Joe Discord provided guided support.
Following investigation and remediation, Trader Joe has restored its frontend, ensuring it is safe for trading, liquidity, staking and lending. The DEX aims to prevent future vulnerabilities by eliminating third-party integrations.